CVE-2021-29272

Опубликовано: 27 мар. 2021

Источник: redhat

CVSS3: 5.9

Описание

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Advanced Cluster Management for Kubernetes 2	bluemonday	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1944293bluemonday: Cross-site scripting via uppercase Cyrillic i

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2021-29272

CVSS3: 6.1

ubuntu

почти 5 лет назад

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.

CVE-2021-29272

CVSS3: 6.1

nvd

почти 5 лет назад

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.

GHSA-3x58-xr87-2fcj

CVSS3: 6.1

github

больше 4 лет назад

Cross-site scripting in bluemonday

5.9 Medium

CVSS3